Page 19 - info_oct_2021_draft13
In Focus

ModSecurity
Open Source Web Application Firewall

Ratnaboli Ghorai Dinda, Scientist-G & HOG (Application Security), ratnaboli@gov.in
R. K. Raina, Scientist-F, rk.raina@nic.in
Rajeev Kumar Yadav, Scientist-B, yadav.rajeev@nic.in

ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. It provides protection from a range of attacks against web applications such as Cross Site Scripting (XSS), SQL Injection, Cross Site Request Forgery, Local File Inclusion, Path Traversal, Session Fixation etc. and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity excels at virtual patching thanks to its reliable blocking capabilities and a flexible rule language that can be adapted to any need.

With the increasing threats and attacks on web applications, organizations require a more effective concept of web application security. A Web Application Firewall (WAF) is such a concept: it can be used to prevent various threats and attacks on web applications. A WAF has the ability to filter packets, block malicious HTTP requests and also do logging. Open-source WAFs are highly flexible and customizable. With full access to the source code, an open-source WAF gives WAF administrators, web administrators and developers the freedom to apply rules per individual application, and the flexibility to customize and extend the tool itself to fit application requirements. ModSecurity is a popular open-source Web Application Firewall.

ModSecurity gives access to the HTTP traffic stream in real time, along with the ability to inspect it. It can be deployed in embedded mode or in reverse proxy mode. ModSecurity excels at virtual patching because of its reliable blocking capabilities and the flexible rule language that can be adapted to any need. ModSecurity works with the OWASP ModSecurity Core Rule Set (CRS), a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. ModSecurity together with the CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Local File Inclusion, Open Redirect, Insufficient Session Expiration, Path Traversal etc.

Features/Functionalities of ModSecurity

ModSecurity employs a variety of methods to protect websites. Following is a list of the most important usage scenarios for ModSecurity:

Real-time application security monitoring and access control

At its core, ModSecurity gives us access to the HTTP traffic stream in real time, along with the ability to inspect it. This is enough for real-time security monitoring. ModSecurity’s persistent
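The following is an added example configuration, not taken from the article or from the ModSecurity or CRS projects, that ties together the three capabilities described above for an Apache deployment of ModSecurity v2: real-time inspection with the OWASP CRS, a virtual patch written as a custom SecRule, and audit logging for monitoring. The CRS install path, the /account/export and /admin URLs, the "id" parameter and the allowed network ranges are all assumptions chosen for illustration.

```apacheconf
# Added example (not the article's own code): minimal ModSecurity v2 setup for Apache.

# Engine mode. Start with "DetectionOnly" to review the audit log for false
# positives, then switch to "On" so matching rules actually block.
SecRuleEngine On

# Inspect request bodies (POST parameters, JSON, uploads), not only URI/headers.
SecRequestBodyAccess On

# Audit logging for real-time monitoring: record only transactions that
# matched a rule or produced a relevant status. Parts: A audit header,
# B request headers, C request body, F response headers, H audit trailer
# (includes the matched rules), Z end marker.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABCFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log

# Load the OWASP Core Rule Set. The path is an assumption; use the one
# your package or checkout installed.
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf

# Virtual patch: until the application is fixed, reject any request to the
# hypothetical /account/export endpoint whose "id" parameter is not a short
# decimal number. Rule ids 1-99,999 are reserved for local rules.
# phase:2 runs after the request body is read, so ARGS includes POST fields.
SecRule REQUEST_URI "@beginsWith /account/export" \
    "id:1001,phase:2,chain,deny,status:403,log,\
    msg:'Virtual patch: non-numeric id on /account/export',\
    tag:'virtual-patch'"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none,t:urlDecodeUni"

# Access control: only the listed (constructed) networks may reach the
# hypothetical /admin area; everyone else receives 403 and an audit entry.
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:1002,phase:1,chain,deny,status:403,log,\
    msg:'Admin area reached from outside the allowed networks'"
    SecRule REMOTE_ADDR "!@ipMatch 10.0.0.0/8,192.168.1.0/24" "t:none"
```

In a chained rule only the first SecRule carries the disruptive action (deny) and the id; the chained rule supplies the extra condition, so the request is blocked only when both match. Keeping local rules in their own file with ids outside the CRS range (900,000-999,999) avoids collisions when the CRS is upgraded, and running with SecRuleEngine DetectionOnly first lets the audit log show what each rule would have blocked.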



October 2021  informatics.nic.in  19